A. Gauthier, Clement Mazin, Julien Iguchi-Cartigny, Jean-Louis Lanet
{"title":"OKL4系统调用测试的增强模糊技术","authors":"A. Gauthier, Clement Mazin, Julien Iguchi-Cartigny, Jean-Louis Lanet","doi":"10.1109/ARES.2011.116","DOIUrl":null,"url":null,"abstract":"Virtual machine monitor is a hot topic in the embedded community. Apart from high end system, current processors for embedded systems do not have any instructions helping to virtualize an operating system. Based on this fact, most of the current hyper visors for embedded devices use the Para virtualization technique. This is the case of the OKL4 kernel which is based on the L4 micro-kernel and implements among other the Linux kernel as guest OS. We introduce our ongoing work for testing the security of OKL4. We have chosen to focus on the most low level OKL4 interface usable from an external actor: the system call API. Because all operating system components use directly or indirectly these system calls, a minor flaw at this level can impact in chain the entire system including a virtualized kernel. We have developed a model describing the OKL4 system calls. This model also contains all constraints applicable to a system call. Based on these models, we are working on a tool using the constraints to compute a reduced set of system call input values which are highly likely to generate flaws in OKL4 if they are not fully checked by the hypervisor.","PeriodicalId":254443,"journal":{"name":"2011 Sixth International Conference on Availability, Reliability and Security","volume":"12 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-08-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"16","resultStr":"{\"title\":\"Enhancing Fuzzing Technique for OKL4 Syscalls Testing\",\"authors\":\"A. Gauthier, Clement Mazin, Julien Iguchi-Cartigny, Jean-Louis Lanet\",\"doi\":\"10.1109/ARES.2011.116\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Virtual machine monitor is a hot topic in the embedded community. Apart from high end system, current processors for embedded systems do not have any instructions helping to virtualize an operating system. Based on this fact, most of the current hyper visors for embedded devices use the Para virtualization technique. This is the case of the OKL4 kernel which is based on the L4 micro-kernel and implements among other the Linux kernel as guest OS. We introduce our ongoing work for testing the security of OKL4. We have chosen to focus on the most low level OKL4 interface usable from an external actor: the system call API. Because all operating system components use directly or indirectly these system calls, a minor flaw at this level can impact in chain the entire system including a virtualized kernel. We have developed a model describing the OKL4 system calls. This model also contains all constraints applicable to a system call. Based on these models, we are working on a tool using the constraints to compute a reduced set of system call input values which are highly likely to generate flaws in OKL4 if they are not fully checked by the hypervisor.\",\"PeriodicalId\":254443,\"journal\":{\"name\":\"2011 Sixth International Conference on Availability, Reliability and Security\",\"volume\":\"12 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-08-22\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"16\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011 Sixth International Conference on Availability, Reliability and Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ARES.2011.116\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 Sixth International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2011.116","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Enhancing Fuzzing Technique for OKL4 Syscalls Testing
Virtual machine monitor is a hot topic in the embedded community. Apart from high end system, current processors for embedded systems do not have any instructions helping to virtualize an operating system. Based on this fact, most of the current hyper visors for embedded devices use the Para virtualization technique. This is the case of the OKL4 kernel which is based on the L4 micro-kernel and implements among other the Linux kernel as guest OS. We introduce our ongoing work for testing the security of OKL4. We have chosen to focus on the most low level OKL4 interface usable from an external actor: the system call API. Because all operating system components use directly or indirectly these system calls, a minor flaw at this level can impact in chain the entire system including a virtualized kernel. We have developed a model describing the OKL4 system calls. This model also contains all constraints applicable to a system call. Based on these models, we are working on a tool using the constraints to compute a reduced set of system call input values which are highly likely to generate flaws in OKL4 if they are not fully checked by the hypervisor.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
